Policy Update: 25 Feb, 2024

Security Policy

Your data security is our top priority.

At Workmax, we understand that trusting us with your payroll and HR data is a significant responsibility. We have built our platform with security at its core, ensuring your sensitive information is protected by industry-leading standards.

Infrastructure Security

Workmax is built as a modern serverless application on Amazon Web Services (AWS), leveraging the security and reliability of the world's leading cloud provider.

  • Secure UK Servers: All data is hosted in the eu-west-2 (London) region, ensuring data residency compliance for UK businesses.
  • Encryption at Rest: All data stored in our databases (DynamoDB) and file storage (S3) is encrypted using AWS Key Management Service (KMS) with 256-bit encryption.
  • Encryption in Transit: All data transmitted between your device and our servers is encrypted via HTTPS/TLS 1.2+.
  • DDoS Protection: Our infrastructure is protected by AWS Shield and AWS WAF (Web Application Firewall) to defend against malicious attacks.

Authentication & Access Control

We implement strict controls to ensure only authorized users can access your data.

  • Secure Authentication: We use AWS Cognito for secure user identity management, supporting Multi-Factor Authentication (MFA).
  • Role-Based Access Control (RBAC): Access levels (Admin, Manager, Employee) ensure users only see data relevant to their role.
  • Token Management: Secure session handling with short-lived JWT tokens and automatic rotation.
  • Password Policy: We enforce strong password requirements to prevent unauthorized access.

Data Privacy & Compliance

We are committed to protecting your privacy and complying with data protection regulations.

  • GDPR Compliant: We are fully compliant with the General Data Protection Regulation (GDPR).
  • Data Isolation: Our database design uses strict tenant isolation, ensuring your company's data is logically separated from others.
  • Audit Trails: Critical actions within the system are logged to provide an audit trail for security and compliance monitoring.
  • Regular Backups: Automated backups ensure your data is safe and can be restored in the unlikely event of data loss.

Operational Security

Our internal processes are designed to maintain a secure environment.

  • Least Privilege: Our engineers and systems operate on a principle of least privilege, granting only the access necessary to perform specific tasks.
  • Code Security: All code undergoes rigorous review and automated security scanning (SAST/DAST) before deployment.
  • Incident Response: We have a dedicated incident response plan to quickly address any potential security events.

Reporting Security Issues

If you believe you have found a security vulnerability in Workmax, please report it to us immediately at security@workmax.co.uk. We take all reports seriously and will investigate promptly.
